joaovarelas / Obfuscator-LLVM-16.0

GNU General Public License v3.0

Hikari Rust obfuscation (docker) is visual only #3

Closed sa6ta6ni6c closed 6 months ago

sa6ta6ni6c commented 6 months ago

Hello! I was able to install OLLVM (Hikari) using docker on an Ubuntu 22.04 machine. Installation went smoothly, but it seems that although Hikari outputs that the build is obfuscated successfully, upon review in IDA it seems not. Used allobf.

CMD:

RUSTFLAGS="-Cllvm-args=-enable-allobf" cargo +ollvm-rust-1.70.0 build --release --target x86_64-pc-windows-gnu

Interestingly, file size was almost unchanged:

Without Hikari: 2.086.400 bytes
With Hikari: 2.098.176 bytes

Without hikari:

[image: IDA view without Hikari, https://github.com/joaovarelas/Obfuscator-LLVM-16.0/assets/44274397/19d67b45-0519-47ba-948b-7763735e920b]

With hikari:

[image: IDA view with Hikari, https://github.com/joaovarelas/Obfuscator-LLVM-16.0/assets/44274397/6cba646f-be95-4b43-ba66-49b2ba0dedf5]

Hikari output at the end:

Doing Post-Run Cleanup
Hikari Out
Spend Time: 0.0077369s
std::mt19937_64 seeded with current timestamp: 1702740763666
Initializing Hikari Core with Revision ID:2b9c52f66815bb8d6ea74a4b26df3410602be9b0
Running Hikari On magnolia_endpoint.f67844fb-cgu.12
Doing Post-Run Cleanup
Hikari Out
Spend Time: 0.0044720s
std::mt19937_64 seeded with current timestamp: 1702740763680
Initializing Hikari Core with Revision ID:2b9c52f66815bb8d6ea74a4b26df3410602be9b0
Running Hikari On magnolia_endpoint.f67844fb-cgu.5
Doing Post-Run Cleanup
Hikari Out
Spend Time: 0.0045967s
std::mt19937_64 seeded with current timestamp: 1702740763696
Initializing Hikari Core with Revision ID:2b9c52f66815bb8d6ea74a4b26df3410602be9b0
Running Hikari On magnolia_endpoint.f67844fb-cgu.3
Doing Post-Run Cleanup
Hikari Out
Spend Time: 0.0027835s
Finished release [optimized] target(s) in 1m 03s

joaovarelas commented 6 months ago

Hello, try passing codegen options to rustc directly. For example, to build using cargo:

cargo rustc --release -- -Cllvm-args=-enable-allobf -Cdebuginfo=0 -Cstrip=symbols -Cpanic=abort -Copt-level=3

I think Hikari string encryption is not working with Rust LLVM IR: https://github.com/61bcdefg/Hikari-LLVM15-Core/commit/be20ec074511b74ced5e8f79892abc90d1a376a8


-- João Varelas Security Researcher https://vrls.ws
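The reporter judged the result by eye in IDA. A cheaper first check, added here as an example that is not part of Obfuscator-LLVM-16.0 or of Hikari, is to compare the plain and the "obfuscated" binary mechanically: how much the file grew and which printable strings survive unchanged. The sample blobs below are constructed (non-printable filler plus three literals; the "encrypted" variant XOR-masks the literals with 0xAA so they stop being printable, standing in for a string-encryption pass), and the thresholds in assess() are assumptions, not values from the thread. compare_files() runs the same comparison on two real build outputs.

```python
"""Compare a plain build with an obfuscated build: size delta and surviving strings.

Added example; not code from the Obfuscator-LLVM-16.0 project or from Hikari.
"""
import re
from typing import Dict, List

MIN_LEN = 4  # same default as the `strings` utility


def printable_strings(blob: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Runs of printable ASCII of at least min_len bytes, like `strings -n`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def compare_builds(plain: bytes, obf: bytes, min_len: int = MIN_LEN) -> Dict[str, object]:
    """Size delta plus how many of the plain build's strings survive verbatim."""
    s_plain = set(printable_strings(plain, min_len))
    s_obf = set(printable_strings(obf, min_len))
    surviving = sorted(s_plain & s_obf)
    return {
        "size_plain": len(plain),
        "size_obf": len(obf),
        "size_delta_pct": round((len(obf) - len(plain)) * 100.0 / len(plain), 2),
        "strings_plain": len(s_plain),
        "strings_obf": len(s_obf),
        "surviving": surviving,
        "survival_ratio": len(surviving) / len(s_plain) if s_plain else 0.0,
    }


def assess(report: Dict[str, object]) -> str:
    """One-line verdict. Both thresholds are assumptions chosen for this example."""
    survive = report["survival_ratio"] > 0.5
    grew = report["size_delta_pct"] >= 5.0
    if survive and not grew:
        return "looks like a plain build: strings intact and size nearly unchanged"
    if survive:
        return "strings intact: string encryption not applied (other passes may have run)"
    return "string encryption applied: plaintext strings are gone"


def compare_files(plain_path: str, obf_path: str) -> Dict[str, object]:
    """Same comparison on two files on disk (e.g. the two target/release outputs)."""
    with open(plain_path, "rb") as f_plain, open(obf_path, "rb") as f_obf:
        return compare_builds(f_plain.read(), f_obf.read())


# --- constructed sample data (not real binaries) ---------------------------
FILLER = bytes([0x00, 0x90, 0xCC, 0xFF, 0x0F, 0x05]) * 64  # contains no printable run
LITERALS = [
    b"Connecting to c2.example.invalid",
    b"Mozilla/5.0 (Windows NT 10.0)",
    b"panicked at src/main.rs",
]


def _xor(data: bytes, key: int = 0xAA) -> bytes:
    # 0xAA sets bit 7, so every printable byte (< 0x80) becomes non-printable.
    return bytes(b ^ key for b in data)


# Plain build: literals sit in the clear between filler bytes.
PLAIN = FILLER + FILLER.join(LITERALS) + FILLER
# String encryption that really ran: literals masked, plus extra bytes for a decrypt stub.
STRINGS_ENCRYPTED = FILLER + FILLER.join(_xor(s) for s in LITERALS) + FILLER * 3
# "Visual only" outcome: identical strings, file grows under 1% (cf. 2.086.400 -> 2.098.176 bytes).
VISUAL_ONLY = PLAIN + FILLER[:12]


if __name__ == "__main__":
    for name, blob in (("visual only", VISUAL_ONLY), ("strings encrypted", STRINGS_ENCRYPTED)):
        report = compare_builds(PLAIN, blob)
        print(f"{name}: delta {report['size_delta_pct']}%, "
              f"{len(report['surviving'])}/{report['strings_plain']} strings survive -> {assess(report)}")
```

If string encryption does not apply to Rust IR, as suggested above, expect a high survival ratio even when other passes ran, so treat this as a first screen and confirm control-flow changes in a disassembler before trusting the "Hikari Out" lines in the build log.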

sa6ta6ni6c commented 6 months ago

Solved. Thank you.

joaovarelas commented 6 months ago

Hi @sa6ta6ni6c good to know. How did you solve the issue? Thanks


sa6ta6ni6c commented 6 months ago


New build command works.